e01c8df550
Security Issues --------------- Two security holes have been closed by this release: CVE-2016-5423: certain nested CASE expressions can cause the server to crash. CVE-2016-5424: database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall. The fix for the second issue also adds an option, -reuse-previous, to psql's \connect command. pg_dumpall will also refuse to handle database and role names containing line breaks after the update. For more information on these issues and how they affect backwards-compatibility, see the Release Notes. Bug Fixes and Improvements -------------------------- This update also fixes a number of bugs reported in the last few months. Some of these issues affect only version 9.5, but many affect all supported versions: Fix misbehaviors of IS NULL/IS NOT NULL with composite values Fix three areas where INSERT ... ON CONFLICT failed to work properly with other SQL features. Make INET and CIDR data types properly reject bad IPv6 values Prevent crash in "point ## lseg" operator for NaN input Avoid possible crash in pg_get_expr() Fix several one-byte buffer over-reads in to_number() Don't needlessly plan query if WITH NO DATA is specified Avoid crash-unsafe state in expensive heap_update() paths Fix hint bit update during WAL replay of row locking operations Avoid unnecessary "could not serialize access" with FOR KEY SHARE Avoid crash in postgres -C when the specified variable is a null string Fix two issues with logical decoding and subtransactions Ensure that backends see up-to-date statistics for shared catalogs Prevent possible failure when vacuuming multixact IDs in an upgraded database When a manual ANALYZE specifies columns, don't reset changes_since_analyze Fix ANALYZE's overestimation of n_distinct for columns with nulls Fix bug in b-tree mark/restore processing Fix building of large (bigger than shared_buffers) hash indexes Prevent infinite loop in GiST index build with NaN values Fix possible crash during a nearest-neighbor indexscan Fix "PANIC: failed to add BRIN tuple" error Prevent possible crash during background worker shutdown Many fixes for issues in parallel pg_dump and pg_restore Make pg_basebackup accept -Z 0 as no compression Make regression tests safe for Danish and Welsh locales |
||
---|---|---|
.. | ||
buildlink3.mk | ||
DESCR | ||
Makefile | ||
PLIST |